Today we're gonna discuss about a really powerful feature from Windows (Pro and Enterprise), called Windows Sandbox.
Definition: Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted.
Now, you may wonder why one would use this over a normal VM.
The main reason is quickness - Windows Sandbox emulates your current OS (e.g. if you have Windows 11, you will have a Windows 11 Sandbox). This means that you do not need to configure it at all, as opposed to a VM where you have to configure it and install the desired OS.
Another reason is the fact that we can automate it specifically for application testing - this is the topic for today.
The automation is done through a file with the .WSB (Windows Sanbox) extension and is basically an XML file.
More details about this file and its' parameters can be found here:
Windows Sandbox Configuration
Here are the things we can configure:
- vGPU (virtualized GPU): Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox uses Windows Advanced Rasterization Platform (WARP)
- Networking: Enable or disable network access within the sandbox
- Mapped folders: Share folders from the host with read or write permissions. Exposing host directories might allow malicious software to affect the system or steal data
- Logon command: A command that's executed when Windows Sandbox starts
- Audio input: Shares the host's microphone input into the sandbox
- Video input: Shares the host's webcam input into the sandbox
- Protected client: Places increased security settings on the Remote Desktop Protocol (RDP) session to the sandbox
- Printer redirection: Shares printers from the host into the sandbox
- Clipboard redirection: Shares the host clipboard with the sandbox so that text and files can be pasted back and forth
- Memory in MB: The amount of memory, in megabytes, to assign to the sandbox
In addition to that, we have the Mapped folders, which will basically let us copy a folder from our machine over to our Sandbox so we have access to the installation packages.
Note: for this, I would advise having a predefined folder where you keep your installation packages, e.g.:
Code: Select all
C:\AppPackages
Code: Select all
<Configuration>
<VGpu>Default</VGpu>
<Networking>Default</Networking>
<MappedFolders>
<MappedFolder>
<HostFolder>C:\AppPackages\MyApp</HostFolder>
<ReadOnly>true</ReadOnly>
</MappedFolder>
</MappedFolders>
<LogonCommand>
<Command>msiexec /i C:\Users\WDAGutilityAccount\Desktop\MyApp\advinst.msi</Command>
</LogonCommand>
</Configuration>
The default location is the desktop, as we can see a bit below.
Note: the WDAGutilityAccount is the account name that comes by default on all Windows Sandboxes.
After saving it, you can simply double click on it and it will launch Windows Sandbox + the installer for Advanced Installer.
Hope you can see how useful this can be, especially for application installation testing.
Best regards,
Catalin